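Enabling HTTPS in Spring Boot
References: Enabling HTTPS in Spring Boot, https://www.website-solution.net/ssl-certificate/...
Differences in Tomcat configuration between Spring Boot 2.0.0 and Spring Boot 1.5.2 (pitfalls); HTTPS series, part 3: making a server support both HTTP and HTTPS, based on Spring Boot
Configuring an SSL certificate in Spring Boot; HTTP and HTTPS explained, the difference between GET and POST, and status codes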
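SSL Certificate
An SSL certificate is a type of digital certificate, similar to an electronic copy of a driver's license, passport, or business license. Because it is installed on a server, it is also called an SSL server certificate. SSL certificates follow the SSL protocol and are issued by a trusted certificate authority (CA) after it has verified the server's identity; they provide server authentication and encryption of data in transit. An SSL certificate gives a website HTTPS encrypted transport and trust. SSL certificates are the cryptographic technology used to establish an encrypted link between a web server and browsers or other clients. Configuring and deploying an SSL certificate enables HTTPS and protects data sent over the Internet; hundreds of millions of websites worldwide rely on HTTPS every day to secure data and protect user privacy.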
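1. Obtain a certificate
Here we generate a self-signed certificate ourselves with the following command and place the resulting keystore.p12 in the src/main/resources folder.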
keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
During certificate generation keytool prompts for a keystore password; you need to remember the one you set.
2. Add the dependency
<!-- https://mvnrepository.com/artifact/tomcat/tomcat-http11 -->
<dependency>
    <groupId>tomcat</groupId>
    <artifactId>tomcat-http11</artifactId>
    <version>5.0.28</version>
</dependency>
3. Configure HTTPS in application.properties. The password here is the one you set when generating the certificate.
#https
server.port=8443
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=123456
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
4. Redirect HTTP requests to HTTPS (optional)
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ServletWebServerConfiguration {

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Because of CONFIDENTIAL and /*, Tomcat redirects every request to HTTPS.
                // Configure multiple patterns and constraints if you need finer control
                // over what is and is not redirected.
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            }
        };
        // Register the extra plain-HTTP connector next to the HTTPS one from application.properties.
        tomcat.addAdditionalTomcatConnectors(httpConnector());
        return tomcat;
    }

    @Bean
    public Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        // setSecure(false): requests on this connector are reported as not secure, so the
        // CONFIDENTIAL constraint above redirects them to redirectPort.
        // With setSecure(true) Tomcat treats plain-HTTP requests as already secure and
        // serves them on port 8080 without redirecting (HTTP stays HTTP, HTTPS stays HTTPS).
        connector.setSecure(false);
        // redirectPort: the port requests are redirected to (non-SSL to SSL)
        connector.setRedirectPort(8443);
        return connector;
    }
}
5. Start the project. The following log line is printed:
o.s.boot.web.embedded.tomcat.TomcatWebServer - Tomcat started on port(s): 8443 (https) 8080 (http) with context path ''
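A check for the result of step 4, as an added example that is not code from the original post: it requests each path on the HTTP connector without following redirects and fails unless the answer is a redirect to https on port 8443 with the same path. The ports come from the configuration above; the class name HttpsRedirectCheck, the host localhost and the default path "/" are assumptions.

```java
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;

// Added example: verifies that the plain-HTTP connector only redirects to HTTPS.
public class HttpsRedirectCheck {
    // Ports from the page's configuration: HTTP connector and server.port/redirectPort.
    static final int HTTP_PORT = 8080;
    static final int HTTPS_PORT = 8443;

    // Returns null for a correct redirect, otherwise a description of the problem.
    static String verdict(int status, String location, String path) {
        if (status < 300 || status >= 400) {
            // e.g. 200: content served in plaintext, as with setSecure(true) on this connector
            return "no redirect (HTTP " + status + "), response served over plain HTTP";
        }
        if (location == null) {
            return "redirect without a Location header";
        }
        URI target = URI.create(location);
        if (!"https".equalsIgnoreCase(target.getScheme())) {
            return "redirect target is not https: " + location;
        }
        if (target.getPort() != HTTPS_PORT) {
            return "redirect port is " + target.getPort() + ", expected " + HTTPS_PORT;
        }
        if (!path.equals(target.getRawPath())) {
            return "redirect changed the path: " + location;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Default path "/" is an assumption; pass your application's paths as arguments.
        String[] paths = args.length > 0 ? args : new String[] {"/"};
        boolean ok = true;
        for (String path : paths) {
            URL url = new URL("http", "localhost", HTTP_PORT, path);
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setInstanceFollowRedirects(false); // inspect the redirect itself
            conn.setConnectTimeout(3000);
            conn.setReadTimeout(3000);
            String problem = verdict(conn.getResponseCode(), conn.getHeaderField("Location"), path);
            conn.disconnect();
            System.out.println(path + " -> " + (problem == null ? "OK" : "FAIL: " + problem));
            ok &= (problem == null);
        }
        System.exit(ok ? 0 : 1);
    }
}
```

Run it while the application is up; a non-zero exit status means at least one path was answered over plain HTTP or redirected somewhere unexpected.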